Lucene search
MitreCVELIST:CVE-2020-6859HistoryJan 13, 2020 - 4:31 p.m.
CVE-2020-6859
2020-01-1316:31:09
mitre
www.cve.org
Multiple Insecure Direct Object Reference vulnerabilities in includes/core/class-files.php in the Ultimate Member plugin through 2.1.2 for WordPress allow remote attackers to change other users’ profiles and cover photos via a modified user_id parameter. This is related to ajax_image_upload and ajax_resize_image.
References
github.com/ultimatemember/ultimatemember/blob/627bbb0fae81ac34c60b43f0867eadcf8e1bc523/includes/core/class-files.php#L269
github.com/ultimatemember/ultimatemember/blob/627bbb0fae81ac34c60b43f0867eadcf8e1bc523/includes/core/class-files.php#L310
github.com/ultimatemember/ultimatemember/commit/249682559012734a4f7d71f52609b2f301ea55b1
wordpress.org/plugins/ultimate-member/#developers
wpvulndb.com/vulnerabilities/10041
Related
openvas
openvas
wpvulndb
wpvulndb
Ultimate Member < 2.1.3 - Insecure Direct Object Reference (IDOR)
2020-01-13 00:00:00
patchstack
patchstack
prion
prion
Design/Logic Flaw
2020-01-13 17:15:00
nvd
nvd
CVE-2020-6859
2020-01-13 17:15:11
cve
cve
CVE-2020-6859
2020-01-13 17:15:11
osv
osv
CVE-2020-6859
2020-01-13 17:15:11